Solved

Using SAMBA with encrypted passwords

Posted on 1998-11-13
Last Modified: 2013-12-27
Hi there,

I installed samba 1.9.18p10 on a Solaris 2.6 system. I want to access it from a WinNT 4.0 wkst with SP3.

To do this (without having to change the way winnt negotiates passwords) I have to enable encrypted passwords in samba.

Now, as I understand there are primarily two ways:
1) Make a special samba-password file
2) Let another server/domain do the authentication

I want to use method (2), so I would like to just set "security=myserver.bla.bla", where myserver is my NT PDC.
Will this work or do I still need a samba password file? The documentation is a bit ambiguous in that respect ....

Excerpt:
"In this mode Samba will try to validate the
username/password by passing it to another SMB server, such
as an NT box. If this fails it will revert
to "security = user", but note that if encrypted passwords
have been negotiated then Samba cannot revert back to
checking the UNIX password file, it must have a valid
smbpasswd file to check users against."
^^^^^^^^^

If this should be a hard question, I am willing to give more points, but I am sure this should be a pretty standard-situation.

Greetings,

         os
Question by:os012897
11 Comments
 
LVL 3

Expert Comment

by:arunm
ID: 2007807
I'm slightly confused: using this method, what would happen if you attached an NT box that did not have SP3, i.e. password encryption? Wouldn't it just be easier (but admittedly less secure!) to use the registry hack to stop NT (SP3) using encryption?
   
0
 
LVL 3

Author Comment

by:os012897
ID: 2007808
That is what I am doing right now, but I do not want to have it that way forever.

Basically I think as long as you have a user with identical UID on the NT and UNIX box it should work, as even NT before SP3 used password encryption. The difference is just that pre-SP3 NT had a default fallback mode where it would also send passwords unencrypted if necessary, which after SP3 isn't the case anymore.

Greetings,

       os

0
 
LVL 3

Expert Comment

by:arunm
ID: 2007809
Due to the lack of responses, I'm starting to wonder if what you're asking will actually work?
0
 
LVL 3

Author Comment

by:os012897
ID: 2007810
Well, maybe I should ask in the WinNT forum .....

os

0
 
LVL 3

Expert Comment

by:arunm
ID: 2007811
Good idea. Why not post a zero question there, indicating the problem and with the url of this thread.

0
 
LVL 3

Expert Comment

by:arunm
ID: 2007812
That should read: zero point question.

0
 
LVL 1

Expert Comment

by:kuehn
ID: 2007813
Have you tried to set up a WINS server? Samba needs WINS. Without it, no login.
0
 
LVL 3

Author Comment

by:os012897
ID: 2007814
Hi kuehn,

I do not have WINS, but I CAN use the shares from the unix-machine. The problem is just that I cannot use encrypted passwords (SP3) at the moment, see original question.

Greetings,

      os

0
 
LVL 2

Expert Comment

by:cwalter
ID: 2007815
You have 2 things you need to accomplish.

1. Make sure you have something similar to the following in your smb.conf file:

[global]
   server string = Solaris SMB Server
   local master = no
   preferred master = no
   wins server = wins.domain.com
   domain master = no
   printing = bsd
   printcap name = /etc/printcap
   load printers = yes
   guest account = pcguest
   security = server
   password server = pdc.domain.com    

2. Set up your smbpasswd file with usernames and passwds which match your NT usernames and passwds.
0
 
LVL 3

Author Comment

by:os012897
ID: 2007816
Thanx cwalter,

First off, you will get your points, I would just like to have two things clarified first:

1) I am NOT using wins, is that a problem?
2) What is the smbpasswd good for? Can't I go without one?


Greetings,

          os

0
 
LVL 2

Accepted Solution

by:
cwalter earned 50 total points
ID: 2007817
You don't really need WINS, it is nice to have running, if nothing else your Unix machine could do it. If you don't have WINS running you need to have the NT name match the IP name. So if your PDC is called pdc in NT then the IP name would be pdc.domain.com.

smbpasswd is kinda working as a key. Username to encrypted password and vice versa. This way Unix can match the username to the encrypted password which NT expects.
0
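An added example, not part of the thread and not Samba's own code: a small Python check for the condition in the documentation excerpt quoted in the question, listing the NT users for whom the local fallback would have no smbpasswd entry to check against once encrypted passwords are negotiated. The function names and sample data are constructed for illustration, and the smbpasswd layout (username:uid:LM hash:NT hash:..., with an all-X field meaning no password set) is an assumption.

```python
import re
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")

# Constructed sample inputs (not from the thread); hashes are dummy hex values.
SAMPLE_CONF = """\
[global]
   security = server
   password server = pdc.domain.com
   encrypt passwords = yes
"""
SAMPLE_SMBPASSWD = """\
alice:1001:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:Alice:/home/alice:/bin/sh
bob:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Bob:/home/bob:/bin/sh
"""

def parse_global(conf_text):
    """Return the [global] parameters of an smb.conf as a dict (keys lowercased)."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def usable_users(smbpasswd_text):
    """Users whose entry holds a 32-hex-digit LM or NT hash (assumed layout)."""
    users = set()
    for line in smbpasswd_text.splitlines():
        fields = line.split(":")
        if not line.startswith("#") and len(fields) >= 4 and (
                HEX32.match(fields[2]) or HEX32.match(fields[3])):
            users.add(fields[0])
    return users

def check(conf_text, smbpasswd_text, nt_users):
    g = parse_global(conf_text)
    findings = []
    if g.get("security", "").lower() == "server" and not g.get("password server"):
        findings.append("security = server without a password server")
    if g.get("encrypt passwords", "no").lower() in ("yes", "true", "1"):
        for user in sorted(set(nt_users) - usable_users(smbpasswd_text)):
            findings.append("no usable smbpasswd entry for " + user)
    return findings
```

Calling `check(SAMPLE_CONF, SAMPLE_SMBPASSWD, ["alice", "bob", "carol"])` reports bob (placeholder hashes) and carol (no entry at all).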
